8 Technical Methods That Make the PROTECT IP Act Useless

We’ve been running a series of guides that show just how easy it is to bi-pass general DNS censorship. It’s general DNS censorship that has been proposed in the PROTECT-IP Act among other things. Rather than simply debate philosophically on why the PROTECT-IP act will do absolutely nothing to deter copyright infringement, we decided to do one better and prove it instead.

Hiding your IP address, using a proxy, using the onion router and obtaining an IP address to a website so you won’t have to rely on a public DNS server – these seem like a very intimidating tasks for the unprepared. To be honest, when I first chose to try and figure these out, it seemed intimidating even to me – especially given that I don’t really even make use of proxy servers (or do any of the above for that matter). So really, I felt that I could relate to a number of moderately informed users on these topics.

Certainly, being able to remain anonymous online is something that can benefit many people – especially those who are marginalized by their own government in various ways – but I personally never felt that motivated to use any tools as it seemed to be an unnecessary layer of security when I simply browse news articles and listen to Creative Commons music among other things. So, a vast majority of the guides I’ve written over the last few weeks have been quite a learning experience to me.

The PROTECT-IP act has given me motivation to figure out how all of these methods work mainly due to the arbitrary nature of it all. If Hollywood doesn’t like that fan edit of a short clip, they can make that whole website disappear. If the RIAA thinks that a site like SoundClick doesn’t need to be seen by anyone else, they can erase easy access to that site almost with the snap of their fingers. So, how does the PROTECT-IP act work? Just look at the following from Wikipedia’s entry:

The Protect IP Act says that an “information location tool shall take technically feasible and reasonable measures, as expeditiously as possible, to remove or disable access to the Internet site associated with the domain name set forth in the order”. In addition, it must delete all hyperlinks to the offending “Internet site”.

At a technical level domain name servers would be ordered to blacklist the suspected websites. Although the websites would remain reachable by IP address, links directing to them would be broken.[9] Also search enginesâ€”such as the already protesting Googleâ€”would be ordered to remove links in their index of the web of an allegedly infringing website. Furthermore, copyright holders themselves would be able to apply for court injunctions to have sites’ domains blacklisted.

To me, the scarier part is the fact that DNS servers would be affected by this. Forget search engines censoring websites based on copyright complaints, that has been happening for years through the DMCA. What I was more concerned about was the DNS servers because it would affect every internet user that uses that given server. So really, the taller order was figuring out how to make DNS censorship useless.

What struck me when writing these guides was just how easy some of these methods really were. In some instances, the only way to make defeating such censorship easier is to have a really big red button on the side of your computer that you can press to make DNS censorship go away. As such, I am convinced, at this point, that the PROTECT-IP Act will do absolutely nothing to curb copyright infringement. Sure, it’ll hamper free speech, sure it’s probably unconstitutional, sure it is politically unsound, sure it’ll probably hurt small and medium business, sure it’s probably anti-competitive, sure it’ll probably cause some security headaches, but stopping copyright infringement? Not by a long shot. Not with such methods I found that would be useful in circumventing such censorship anyway.

So, without further ado, the list including pros and cons of each (each method links to a corresponding guide we wrote):

Quick Explanation:
A security tunnel that protects your data as it travels from your computer to the VPN server before letting it out on to the internet. As long as that VPN service is outside the United States, it’ll be very difficult to stop users using such services to circumvent DNS censorship.

Pros:

Very good security benefits. For the most part, it’s reliable. Plenty of technical support to go around depending on which VPN service you choose. Access pretty much everything on the internet. Very good for privacy.

Cons:
Costs money. May include bandwidth caps. Reliability of service isn’t consistent for every VPN service (though frontrunners are generally easier to spot in terms of reliability). Reportedly, you may need to install software you aren’t completely familiar with (depends on which service is being used).

For most users, there is actually a hosts file on their computer that can be used to connect domain name to server IP address without the use of a public DNS server. If a website is censored through a DNS server, one can simply use the HOSTs file so that a public DNS server isn’t even used in the first place. You just type in the domain name in your URL and the website would still appear.

Pros:

Completely removes the need to use a public DNS server when accessing specific websites. Prevents links from breaking due to DNS censorship. Enables you to have greater power over how you view webpages. No installation or downloading of software.

Cons:

Requires maintenance. Not always easy to find in your system (solved by our guide). May raise security issues on a LAN with multiple users (difficult to see how in a number of cases since one can use the HOSTs file to increase security for others). Side benefit of having an effective way of blocking ads on the web (hint: Use 127.0.0.1 for domains that deliver ads). You also need to find accurate IP addresses in the first place (solved by two other guides we have in this list.

TOR is more or less a network of proxies. One person accesses a proxy and that proxy forwards that access to another proxy, trying to erase the users tracks. That proxy sends that stream to another proxy and the stream keeps going through these steps until it finally reaches what is known as an “exit-node”. That exit node then accesses the internet on the users behalf and acts as an intermediary in the process. As long as that exit node exists outside of the US, there is a very good chance that it won’t be affected by DNS censorship imposed by the ISPs onto their DNS servers.

Pros:

Added bonus of a very secure source of anonymity (not 100% chance of anonymity of course, but close enough). An interesting way of seeing the internet through the eyes of someone not in your country.

Cons:

You might not be able to get everything your want from the internet through this network (there may be way of making things not break through this, but it isn’t without the risk of compromised security). Requires downloading content to run (though installation is minimal)

Just by using publicly available DNS look-up tools, one can easily obtain server IP addresses for later use. If a domain is censored, one can simply replace the domain name part of the URL with the IP address and still access the website.

Pros:

Potentially obtain multiple IP addresses for later use. Free. Obtain the addresses once and you don’t have to worry about losing access to the site for as long as the server IP address remains the same.

Cons:

Preferably, the IP addresses must be obtained before the site is actually censored (there may be a brief window between when the domain is censored and when DNS records are updated, but there’s no telling how long that window is for sure). If the website obtains a new server and changes all of its IP addresses and you don’t have the new addresses, then you could lose the ability to use the website. There’s no guarantee this will always be an option should ISPs start blocking IP addresses as well.

Since we are talking about censoring DNS servers in the US, one can always just use a DNS server over seas (like ones used by ISPs overseas). By changing a your DNS server, you are no longer relying on a server that could be censored by the US government and/or corporate interests.

Pros:

No installation or downloading of additional software (everything you need should be on your computer already). Just a few menu clicks away. Can always be changed again at a later time without too much hassle.

Cons:

Can be a security risk to your computer if not done properly. Difficult to obtain DNS server IP addresses that will guaranteed be available for the foreseeable future. No guarantee that ISPs won’t start blocking this type of activity.

In Windows at least, one can simply open up command prompt (explained in tutorial) and simply type in “ping [insert domain name here]” and obtain a server IP address for later use.

Pros:

No installation or downloading of any software (use what you already have on your computer). Probably the fastest way to shield yourself from censorship. Only one command is technically necessary before you get what you are after.

Cons:

Obtaining this information through command prompt must be done before the domain is censored. Only one IP address can be obtained this way. If the website changes IP address for their server, you’ll lose access to the site unless you have the new one as well.

It’s a simple plug-in for FireFox you can download and install. After getting a nice list of simple proxies that preside outside of the US, you have a better chance at accessing the website that has been censored by the US government and/or corporate interests.

Pros:

Easy to install. Being able to access censored websites can merely be a click away. A fast fix with minimal effort if you have access to a decent size list of proxies (provided in guide).

Cons:

Reliability is no guarantee. Based on the technological aspect of this method, it’s not that secure since you are relying on one proxy. Not able to use this method for all kinds of web traffic. Confined to FireFox.

A simple plug-in for FireFox (or Chrome) you can download and install. If a website has had it’s domain seized, then you can be redirected to an alternate domain and still access the website.

Pros:

Easy to install. Is maintained for you through updates.

Cons:

Uses DNS servers that can be censored. Depends on there being an alternative domain name being used in the first place for access (if an alternate domain doesn’t exist, then the site might not be accessible in this fashion). Technically, the site could be censored and block all possible updates as well.

Final Thoughts

By no means is this list comprehensive in any way. Still, I think some of these methods go way beyond circumventing types of censorship as suggested by the PROTECT-IP act.

It’ll be interesting to see how some services respond both who support internet censorship and those who are against internet censorship. I have a feeling it will be extremely difficult to stop these already existing methods to defeat DNS censorship. If, say, ISPs find a way to stop all of the above, a combination of some of the above or any enhancements to any of the above, I’ll be very impressed. Good luck to the ISPs on stopping this, they are going to need it.

Have a tip? Want to contact the author? You can do so by sending a PM via the forums or via e-mail at [email protected].

Update: Your e-mails are greatly appreciated. Thank you everyone for the supporting notes!

Drew Wilson
Drew Wilson is perhaps one of the more well-known file-sharing and technology news writers around. A journalist in the field since 2005, his work has had semi-regular appearances on social news websites and even occasional appearances on major news outlets as well. Drew founded freezenet.ca and still contributes to ZeroPaid. Twitter | Google Plus

nslookup > ping
Just use Nameserver Lookup to get a list of ALL the current IP addresses (for your network). Note that some(most?) hosts will be seen as a different IP address depending on when and where you access them. This is for load-balancing, of course. It's also possible to have regional versions of sites, but generally that is done with cookies or geolocation databases or even just referrers.
They're going to likely start blocking all VPNs at the IP address level (already happening in some countries, actually) so pretty soon we'll have to use I2P just to get a working Internet. They (law enforcement/security agencies) don't want to have politicians open that can of worms but self-serving politicians are going to make it a lot harder to find a needle in a stack of other needles when most technical users move on past the WWW. HTTP isn't the only protocol and it can be hidden in others like SSL/PPTP/..., LOL!
And yes, there has been email attacks or malware where people get illegal porn images or something disguised as one. Reverse steganography like 'Worm' mentions is very easy - just ask the email spammers!

Well as I see it , this is an other us commissioned law which are heavily laughed about in the "free world". There are so many ways to just ignore this shit! If America wants to live in the past so ok! Its not until the americans them self realize this when things may change, however it may take some time :p http://pirate-party.us/ lets tall take a look :-)

As far as DNS servers. Someone with enough technical saay could run their own DNS server, querying the root servers directly. In one discussion of Britain's proposed kill switch for social; media, this, that idea has been mentioned.

A few comments are talking about using your own DNS server -- It is much easier than many believe as you can use BIND from ISC. It is part of most (if not all) Linux instalations and can easily be installed on Windows systems by downloading a Windows version from http://www.isc.org/software/bind. This is a .ZIP-file with all the components and an installer to perform a hasslefree installation.
Run this on your machine and use 'localhost' as your DNS server and you are done!

@ben: "to avoid a court case when downloading material, one should always encrypt the data being downloaded regardless of any tools used to circumvent web censorship."
How can you encrypt something you are downloading directly? If the mafiaa puts up a dummy file as a torrent and you download it directly, how will encryption have any effect on that?

You know what I find kind of funny? Everyone saying "well they will pass these stupid laws and then everyone will be using VPN and they will then be stuck and never be able to control the internet at all anymore". That is extremely short sided. Don't you realize that if they pass these laws, it will only be a matter of time before they pass anti-VPN laws? You can say "Oh that could never happen because we live in america land of the free" but the law doesn't play by the law. Those "operation in our sites" site takedowns are blatantly illegal. There should be no way that they can "take down" a site based on an accusation of copyright violation. Also there is NO WAY that a site can be guilty of copyright infringement when they only simply link to content and don't have anything directly on the site. And yet the government takes them down all the same. The law doesn't give a flying fuck about our rights as it is and yet you think they will accept our right to privacy tomorrow?

I am convinced that the PROTECT IP act really has nothing to do with copywrong,
It is a false cover to enable agencies to seize control over the Internet, while at the same time, fooling the public into believing it is for copyright,

If they try to block proxies, tor, or VPN, it will be like playing whack-a-mole. I know this becuase I have had problems for nearly 2 years now with one guy who just does not get the message that he is not welcome on my web site. I block proxies, and he will just keep trying proxy after proxy, until he finds one the blocking list has not captured yet.
That is the problem that ISPs will have if they are ever ordered to block proxies. People will just keep trying proxy after proxy until they find one that works. I think that is why the current version of Protect IP does not address circumvention. I think Leahy knows that it would just be a game of whack-a-mole trying to block proxies.

So the IP ACT is a method of using the legal system to stage a denial of service attack ? It seems to me that anyone who owns any web service tool could file lawsuits to shut down sites until it could be determined they are *not* using his software. Are the major record labels and RIAA safe from the weapon they created?

Don't worry about pptp vpn's being weak, filesharing is a civil crime, where i live to break any encryption and use that evidence legally, requires that criminal law is breached.
Due process is your friend.
In reality though, the powers that be can get you anyway they like.
As for aes256, that was the NSA's work.
Assume wisely.

Consumer grade modem-routers often provide a mini-dns server that allows the user to chose the DNS server to forward requests to. This is usually quite a simple task done through the routers web based config utilities. Most likely the easiest solution for users with limited technical ability.
You are right in that an anonymous browsing session using TOR will reduce functionality, however simply visiting an overseas website does not require anonymity since being blocked by DNS servers does not make viewing the web material illegal. The only downside to onion routing used in this context is the speed penalty.
to avoid a court case when downloading material, one should always encrypt the data being downloaded regardless of any tools used to circumvent web censorship.

Ok,
Almost all are very good points but some clarifications and corrections....
From point 2:
"Side benefit of having an effective way of blocking ads on the web (hint: Use 127.0.0.1 for domains that deliver ads)."
Err... wrong you shouldn't point anything to your local-loopback besides that you are making your own computer process more requests to himself you are making a security mistake which can lead your computer to an easy way to compromise some of your own services so it is more wise to choose an invalid address rather than the loopback address... more info about the problem: hackademix.net/2009/07/01/abe-warnings-everywhere-omg/
From point 6:
Well m not gonna quote everything here but you are wrong, actually you should entirely remove this point because a ping to a hostname will always first resolve the hostname so if you are actually being blocked in DNS this will also lead to the same "blocked ip-address" so this point is entirely useless and its actually fare better to use a web dns tool (like dns crawler which sometimes querys the root-servers) that you already recommend in point 4.
Also i will add that is far better to run your own DNS Server and from start caching.
Many Operating Systems today already do this but only for caching purposes you can fully enable it and start using it as a local dns-server, if you are scare of running your own server then just use the one at your modem-router or plain router, sometimes they include a mini dns server (due to space and processor constrains) but for "performance" they just forward dns querys to your ISP's so actually enabling them will help to circumvent protect-ip obviously if they configured well.
Best Regards

So explain to me how ping finds the address. Does it invent one? Does it try all of the IPv4 address range until it finds the right place or does it use the default DNS.
Cretin.
Option 6 doesn't circumvent anything.

Not surprised to see paid VPN listed as solution #1. A solid VPN service will give you a dynamic IP, the ability to connect to overseas servers, strong encryption, unlimited bandwidth, and high speeds. In return for the few dollars a month, you get all that, and basically the peace of mind that crap legislation like this won't bother you. Is that worth $10-$20/mo? I definitely think so.
A good VPN provider also won't keep logs, but be aware, US VPN providers are required to do so. As are international VPN providers operating US based servers. Moral of that story? Don't use US VPN servers if you require "significant" anonymity. Although there hasn't really been any publicized instances of US VPN giving up details on say, file sharing. Sweden, NL, and other places are your best bet there.
An interesting fact is that with all this legislation (not just in the US either), law enforcement and intelligence agencies are becoming increasingly worried about the growth of VPN and encryption. So really, they'll have no one to thank but the legislators when everybody and there brother is inside a 256bit AES data tunnel.
Speaking of, for gods sakes don't get a VPN provider that only offers PPTP. Your best bets are L2TP, OpenVPN, and the new SSTP (from Microsoft of all places). L2TP can sometimes be blocked though (UAE and others are known to block it). OpenVPN is much harder to block and provider many options for encryption (because it uses OpenSSL). SSTP is virtually impossible to block because it disguises itself as a regular HTTPS session.
A couple of good options, if you're interested in VPN:
HideMyAss is $11.52/mo for Unlimited and High Speeds
VyprVPN comes free with Giganews Usenet or $15/mo
VPNTunnel.SE is run out of Sweden with absolutely no logging
iVPN.net has true Multihop bouncing your connection through 2 locations
VPN is also good practice in general. Do you use open/public wifi? You better be on VPN, otherwise someone just jacked your email (or whatever else - see session hijacking).
In any case, this was a really good article. ZP did a great job on this. Hopefully folks will continue to get educated and stay smart.

Another way to bypass any ISP blocking of DNS lookups to an overseas DNS Server is to choose a DNS server that allows you to use a port other than 53. Then it's a matter of applying an outgoing map from port 53 to xxx. If your hardware can't do that, then a small program could be written to do the port mapping on your PC.
If an ISP is coerced into censoring DNS lookups to anything but their own (poisoned/damaged) servers, they would be defeated if everyone used some random port. It would be easy to set up a DNS server to accept requests on a wide range of ports; simply forward all incoming requests in that range to port 53 internally.
What troubles me, though, is the fact that these copywrong idiots have no regard for the integrity of the Internet, and are prepared to damage the infrastructure (DNS) that makes the Internet as useable as it is. These people are truly vandals, and are performing criminal acts when they break our communications systems.

I'm not quite sure that it will matter how you attempt to circumvent the censor, when the censor will just shutdown the information portal or individual/group websites.
Sure, there's always newsbins, mailing lists, irc, etc.. but I am not going to pay money to access an internet that has been stifled to such a point.

I began the Wikipedia article on Operation Delego. Only 72 individuals out of the approximately 600 members of Dreamboard were charged, and twenty of them as John Does. While Dreamboard itself gave advice to its members as to which encryption to use (according to the Twitched Indictment), the Feds obviously aren't broadcasting about the security protocols which they weren't able to break or otherwise circumvent. Proxies? Tor? Public-key encryption? Carrier pigeons? Some particular mix of the methods mentioned in the article? You have to read between the lines, I suppose.

If laws have been thrown out that required ISP's to block access to sites that trade child porn--which they have--DNS censorship will never survive First Amendment scrutiny, especially when it gives the censored website no notice or opportunity to respond.
And as far as that big porn ring, I haven't seen any government claims that they actually tracked people who were using proxies or Tor. What I see is lots of bluster about how "users were advised to use proxies" and "we busted lots of people" but no "we busted lots of people who were using proxies." Probably what really happened is the government got the people who weren't using proxies at all and are peacocking.

Also I want to point out before anyone else does that I realize that my last post ISN'T the point of the article. The point was various ways to get around stupid internet censorship and the VPN, proxies, tor and all that other stuff is MORE than capable of doing that so I agree 100% with the article. I just wanted to point out that just because you are hiding your real ip, you are hardly anonymous.

Well I'd like to point out that in the recent raid on that international pedophile ring, law enforcement blew past the proxies and tor "protection" and EASILY found everyone even though they weren't all in america. I'm not saying that torrenting an 80s rock cd has the same priority for law enforcement as a worldwide pedo ring but the fact remains the same that tor and proxies only give an illusion of anonymity. If someone wants to track you and your activity online, they'll do it and that stuff won't be a deterrent of any kind. Also VPN services log all that activity and will be more than happy to hand it over to any law agencies that demand to see it. The vpn does not "hide your tracks" in the exact words of a vyprvpn tech.

Those are listed here, & DNS servers also mean more CPU/RAM/Other forms of I-O consumption as well. This is all listed here:
http://yro.slashdot.org/comments.pl?sid=2368832&cid=37021700
Where it noted HOSTS files as a superior alternative to either AdBlock OR DNS servers (though it does point to external DNS servers that are good and reputable which utilzing DNSBL vs. sites that are known to serve malware, or are maliciously scripted, do phishing/spamming, or are BOGUS dns servers themselves, as well as botnet C&C servers, etc./et al),
Most of all perhaps in favor of HOSTS files, is that HOSTS files are merely a FILTER for a highly efficient system that runs in Ring 0/RPL 0/kernel mode, in your IP stack itself (meaning they run far more efficiently & faster than usermode/Ring 3/RPL 3 solutions do, without consuming more CPU/RAM/& other forms of I/O added solutions incur yet again, also).
Consider that link @ least some "Food 4 Thought", because it's YOUR MONEY you spend to be online, & HOSTS files offer improvements in SPEED, BANDWIDTH, SECURITY, & even to an extent/degree, "anonymity" vs. DNSBL's potentially "unjustly implemented", as this article seems to allude to.
Sincerely,
Alexander Peter Kowalski
apk

Unintent troll, just use 0.0.0.0 (it is smaller & parses faster, plus does NO "loopback" operations, since it is NOT using the loopback adapter address even - &, on Windows 2000, XP, Server 2003, you can STILL use a faster one yet, in just plain 0 - you could on VISTA until MS Patch Tuesday 12/09/2008 - this I even mentioned to MS senior mgt. person Richard Russell (VP of the Windows Client Performance Division) & he "dodged me" on it for some reason, so did Steven Sinofsky))...
Anyhow/anyways:
Yes, of all the repliers here, you may wish to read what I put up @ slashdot regularly here & I did above:
http://yro.slashdot.org/comments.pl?sid=2368832&cid=37021700
Simply because HOSTS files can gain you a LOT in speed, bandwidth, security, & yes, even "anonymity" to an extent, vs. DNSBL (as I noted above)...
So please - Take a read here, be enlightened to something you already have, with sources for populating it & more (downsides of other methods, better DNS servers, downsides of DNS + far more with backing/substantiating articles as proofs thereof)
Alexander Peter Kowalski
apk

Ping essentially does a "reverse-DNS" lookup, by utilizing the TLD that maintains this information... traceroutes do also, since you asked this:
"So explain to me how ping finds the address. Does it invent one? Does it try all of the IPv4 address range until it finds the right place or does it use the default DNS." - anonymous coward
APK
P.S.=> MOST IMPORTANTLY THOUGH - I'd also like you all to note 1 thing that's going to happen now, especially now (and, it HAS been happening already, bank on it):
These "TOR endpoints" & "highly anonymous proxies" some of you MAY be relying on to play games vs. this law &/or others like it?
They're going to be a LOT of "honeypots" (bogus ones meant to track you in other words) being set up for that purpose... bank on it! Put it THIS way, I am certain of it, & just putting out the word here is all... apk

Since it seems that there's some confusion on why I included command prompt as an option, I'll clarify for those that didn't read the guide:
If you are worried that a domain you use might be censored, you ping the domain and retrieve the IP address BEFORE it is censored. Then, you simply replace the domain name with the IP address. Preferably, you take the IP address and drop it into your HOSTs file.
It's a VERY low tech method and the only two ways it wouldn't work is if the domain in question redirects you to the domain name or the ISP blocks the server IP address as well. Unless ISPs interpret the PROTECT IP act in a way that forces them to block the IP address as well, then this is actually a bit beyond the scope of the legislation (has not passed yet)
It's also very low on the list as well for the reason that I can see such a technique be plugged quickly. Nevertheless, it is a possible way to circumvent DNS censorship, so that is why it is even included at all. Besides, even if it doesn't work at all, there's still 7 other options at your disposal.
Also, if anyone is reading these comments with more knowledge in this area, I am open to suggestions on other ways of circumventing DNS censorship as I'm having a hard time finding anything else that is not only different from the list above and is available for testing, I'd be interested in giving it a shot. I'm aware that there is some experimental methods being developed ATM that further hides your traffic and activities.

http://yro.slashdot.org/comments.pl?sid=2368832&cid=37021700 because HOSTS files can do a LOT MORE than just do what's noted in this article, & in your favor, as users/consumers of the internet for more speed, bandwidth, security & yes, "anonymity" vs. DNSBL as noted here.
Sincerely,
Alexander Peter Kowalski
apk

I would be interested in learning the mechasismby which law enforcement "blew past" Tor anonymity. I suspect that they did not actually break Tor but used social engineering or the Tor users self-incriminated in some way. Any details you have on this would be great, thanks.

As far as hiding your IP, it also depends on the country where the proxy or VPN is. Back before there were legal options for downloading music, and pirate sites (e.g Kazaa, or the original Napster) where the only way, I never used proxies in Western countries. I always used proxies in countries like China, or even North Korea, where they would gladly tell the American government to drop dead.

Again...why has no one created a worm that simply creates bogus traffic will waste/overwhelm Law Enforcement time if such an act goes into effect? Since governments spend so much time on kiddie porn and terrorism, I'm surprised one hasn't been created, yet.

Also you can simply purchase a Pre-Paid Credit Card and sign up if security is a bigger concern signing up for a VPN. Most only keep temporary logs and will tell you how long they keep them for before deletion if not stating on their site via a email query. A good VPN will not keep logs for longer than 7 days and even then the logs hardly tell you much except time stamps and ip's that were connected to or requested from the original IP (you).